What is Phishing?
Phishing is a term used to describe any attack that involves deceiving people into handing over sensitive information or money. These attacks can be carried out via email, instant messaging (SMS phishing) or through a fake URL / website. Attackers are often able to personalize their messages using information they glean from social media such as pet names, children’s birthdays and schools attended. This helps them create more convincing emails that can be easier to fall for. Other tools attackers can use include AI voice generators to make them sound like a person of authority or even their family members and friends when phoning victims via telephone (called vishing).
Many of the same tactics attackers use in phishing attempts apply across all of these types of attacks, including the use of unnerving phrases designed to create urgency and encourage the recipient to act without thinking. This can include telling them their account will be deactivated if they don’t follow a link immediately or directing them to a cloned version of a bank or other well-known website where they are asked to provide login information.
Educating employees about phishing is important, and it is a good idea to promote a culture of skepticism amongst all workers, especially when receiving communications that are not initiated by them. A few key indicators of suspicious communications include: